Menu
Thanks to this answer I am able to connect to Firebase 3 via HTTP REST API and an email/password. Logging in with this API returns an access token that is used to access the Firebase Database. This access token expires after 1 hour. A refresh token is also returned after logging in, which I can use to refresh my access token. Here is what I am doing specifically:
Method:
POST
URL:
https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyPassword?key=<my-firebase-api-key>
Payload:
{
email: "<email>",
password: "<password>",
returnSecureToken: true
}
Response:
{
"kind": "identitytoolkit#VerifyPasswordResponse",
"localId": "<firebase-user-id>", // Use this to uniquely identify users
"email": "<email>",
"displayName": "",
"idToken": "<provider-id-token>", // Use this as the auth token in database requests
"registered": true,
"refreshToken": "<refresh-token>",
"expiresIn": "3600"
}
In the case of refreshing my access token:
URL:
https://securetoken.googleapis.com/v1/token?key=<my-firebase-api-key>
Payload:
{
grant_type: "refresh_token",
refresh_token: "<refresh-token>"
}
Response:
{
"access_token": "<access-token>",
"expires_in": "3600",
"token_type": "Bearer",
"refresh_token": "<refresh-token>",
"id_token": "<id-token>",
"user_id": "<user-id>",
"project_id": "<project-id>"
}
How do I access my database via HTTP REST API given that I have my access token?
698
Streaming from the REST API To get started with streaming, we will need to do the following: Set the client's Accept header to text/event-stream. Respect HTTP Redirects, in particular HTTP status code 307. Include the auth query parameter if the Firebase database location requires permission to read.
1 Answer. Show activity on this post. And in your database, create a users table, and within that, create a table with the name of your <user-id> of the authentication email/password account you are using. Within that table is the information you will be able to access via your access-key .
You can use any Firebase Realtime Database URL as a REST endpoint. All you need to do is append . json to the end of the URL and send a request from your favorite HTTPS client. HTTPS is required.
The Firebase Realtime Database can be accessed directly from a mobile device or web browser; there's no need for an application server. Security and data validation are available through the Firebase Realtime Database Security Rules, expression-based rules that are executed when data is read or written.
So after communicating with technical support, here's my answer:
In your database rules, include something like this that is compatible with what you're doing:
{
"rules": {
"users": {
"$user_id": {
// grants write access to the owner of this user account
// whose uid must exactly match the key ($user_id)
".write": "$user_id === auth.uid",
".read": "$user_id === auth.uid"
}
}
}
}
And in your database, create a users table, and within that, create a table with the name of your <user-id> of the authentication email/password account you are using. Within that table is the information you will be able to access via your access-key.
Then send a request like this:
https://samplechat.firebaseio-demo.com/users/<user-id>.json?auth=<access-key>
Where access-key is the key that can be known as idToken, id_Token, or access_key in JSON responses from Google.
174
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With